Please provide repo for docker-ce on Fedora 32

[hhlp]

• [ ] This is a bug report
• [x] This is a feature request
• [x] I searched existing issues before opening this one

The Docker-CE Fedora repository is the recommend way to install recommended way. It has many benefits over installing from a package or any other method.

Fedora also releases a new version every six months. The Fedora repository also takes a very long time to become ready after the release of a new version, with many issues being opened after each recent Fedora is release.

Fedora has officially branched Version 32 February 11/2020 and might have a beta release on March 17/2020.

I'm filing this issue to hopefully put this task on the radar, so that there might be a repository set up in time for the Fedora 32 release cycle....

NOTE

Some of us migrate when the beta version is ready so we have to disable the repository and wait for it to be ready

Release Schedule: https://fedorapeople.org/groups/schedule/f-32/f-32-key-tasks.html

Regards.,

[jsg2021]

@ygworldr you should be able to reuse without changing your definition files (Dockerfile, compose files, etc) That seems like a bug. moby is docker and docker is moby... just one has branding. So nothing should break between them. Now, if its a major version difference there may be breaking changes to migrate (other docker users would have the same migration)

Is it possible the existing files are owned by the docker group and you aren't in it? or the service is not in it? Just tossing out some ideas off the cuff.

[Lunarequest]

I am afraid I spoke too soon: docker works fine. However, docker-compose cannot bind any of the persistent volumes I use due to "permissions denied". /sighs/ This, right there, is what I was afraid off…

Note that I have changed nothing in those compose files, in the docker files that build the images, or the permissions/ownership of those volumes.

I am having the same issue with my when running docker - v pwd:dir/ I believe it has something to do with the cgroups change but don't quote me. Just make a educated guess

[SolidTux]

I had a similar problem which was fixed by adding the z permission flag.

[ghost]

When you have weird permissions problems in Linux, it's always freaking SELinux interfering: /host/path:/mount/path:Z is indeed the correct fix. Apparently, docker-ce has that covered but moby does not…

@advaithm Could you try that to confirm?

[Lunarequest]

@ygworldr for some reason. I tried replicating the problem and its no longer there. No idea why it was there originally.

[zdm]

6 months passed since fedora 32 was released. When docker finally will support it? Or never?

[Lunarequest]

@zdm if you check on the moby repos they have come close to a stable release. The reason this has been taking a long time is fedora and 32 changed alot of low level things which meant large portions of docker had to be modified/recoded to work.

[zdm]

But six months?

Ok, thank you.

On 16.07.2020 20:19, advaithm wrote:

@zdm https://github.com/zdm if you check on the moby repos they have come close to a stable release. The reason this has been taking a long time is fedora and 32 changed alot of low level things which meant large portions of docker had to be modified/recoded to work.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/docker/for-linux/issues/955#issuecomment-659553378, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAH2MSGHYHOFW2QEUG2BMJ3R34ZBJANCNFSM4LMPVS5Q.

[AkihiroSuda]

In addition to cgroup v2, the firewalld stuff was recently addressed on Moby master

https://github.com/moby/moby/pull/41189

[Ainz]

• [ ] This is a bug report
• [x] This is a feature request
• [x] I searched existing issues before opening this one

The Docker-CE Fedora repository is the recommend way to install recommended way. It has many benefits over installing from a package or any other method.

Fedora also releases a new version every six months. The Fedora repository also takes a very long time to become ready after the release of a new version, with many issues being opened after each recent Fedora is release.

Fedora has officially branched Version 32 February 11/2020 and might have a beta release on March 17/2020.

I'm filing this issue to hopefully put this task on the radar, so that there might be a repository set up in time for the Fedora 32 release cycle....

NOTE

Some of us migrate when the beta version is ready so we have to disable the repository and wait for it to be ready

Release Schedule: https://fedorapeople.org/groups/schedule/f-32/f-32-key-tasks.html

Regards.,

From today.

Error: Failed to download metadata for repo 'docker-ce-stable': Cannot download repomd.xml: Cannot download repodata/repomd.xml:

Instructions on Docker page gives same result.

Instructions on https://hub.docker.com/_/fedora = 404 https://docs.docker.com/engine/install/fedora/ = 404

All I want from Fedora is to run some Docker images.... and what is Moby?

[vincent-olivert-riera]

All I want from Fedora is to run some Docker images.... and what is Moby?

There is plenty of information on this thread; I suggest you to read. Don't stop at the first comment.

[Ainz]

Well I am new to whole this shebang and don't normally use linux or cli... just want latest docker to work in me Fedora Server 32 Cockpit....which seems awesome, it worked fine on Windows Server but I can't afford the licensing for a SOHO.

[vincent-olivert-riera]

Well I am new to whole this shebang and don't normally use linux or cli... just want latest docker to work in me Fedora Server 32 Cockpit....which seems awesome, it worked fine on Windows Server but I can't afford the licensing for a SOHO.

I think this must be enough to cover your needs: https://fedoramagazine.org/docker-and-fedora-32/

[Ainz]

I think this must be enough to cover your needs: https://fedoramagazine.org/docker-and-fedora-32/

Yes I read that but I am kinda reluctant to install Moby, why would anyone want to create their own flavour of a winning concept instead of contributing to a standardized solution that works everywhere...

[AkihiroSuda]

All I want from Fedora is to run some Docker images....

Docker 20.XX supports Fedora 32. 20.XX isn't officially released, but Moby binary snapshots are available on my repo: https://github.com/AkihiroSuda/moby-snapshot

and what is Moby?

Same except the trademark

[Ainz]

So after following the guide in the magazine I get

sudo docker run hello-world Unable to find image 'hello-world:latest' locally latest: Pulling from library/hello-world 0e03bdcc26d7: Pull complete Digest: sha256:49a1c8800c94df04e9658809b006fd8a686cab8028d33cfba2cc049724254202 Status: Downloaded newer image for hello-world:latest docker: Error response from daemon: OCI runtime create failed: this version of runc doesn't work on cgroups v2: unknown.

I know this is not a support thread, kinda, but maybe someone want to know.

I run Fedora Server 32... not desktop... just to have that in the clear...

[AkihiroSuda]

this version of runc doesn't work on cgroups v2

sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0" as explained in https://fedoramagazine.org/docker-and-fedora-32/

[Ainz]

I did that... wait... there was a line break in the article, not in your post Akihiro. /bows

Should have thrown an error dividing those lines...no...?

Did it again and works after testing... all that welcoming message and 1-2-3-4 list

[ghost]

@Ainz The only problem you might face using moby instead of docker-ce is with SELinux as of course, it gets in the way of doing the right thing™.

Mostly it refuses to mount local volumes unless you have a :Z flag or set the correct SELinux magical permissions. See this article for an explanation why sudo chcon -Rt svirt_sandbox_file_t /path/to/dir works.

[Ainz]

I am seeing more and more reasons to ditch SELinux... wasn't even a choice, it just came enabled by default. The moment a security "system" hinders you from actually understanding and taking measures to secure your system and using it as intended... well. I am not thrilled.

[ghost]

I am seeing more and more reasons to ditch SELinux... wasn't even a choice, it just came enabled by default. The moment a security "system" hinders you from actually understanding and taking measures to secure your system and using it as intended... well. I am not thrilled.

The more secure a system is, the harder it is to use. There is no way around that simple fact. This is off-topic!

[agalazis]

use mobi: https://fedoramagazine.org/docker-and-fedora-32/

[zdm]

Users just wants to run containers, they don't wants to build its own docker executable. Moby is not for end-users.

[ghost]

Users just wants to run containers, they don't want to build its own docker executable. Moby is not for end-users.

Moby allows you to run containers just fine using the exact same commands as those provided by docker-ce. The only problem you might face is SELinux.

[zdm]

Why not just make new docker release and close this discussion? As I understand, docker already can work under FC32 without problems.

On 12.08.2020 14:32, Dr Yann Golanski wrote:

Users just wants to run containers, they don't want to build its own
docker executable. Moby is not for end-users.

Moby allows you to run containers just fine using the exact same commands as those provided by docker-ce. The only problem you might face is SELinux.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/docker/for-linux/issues/955#issuecomment-672817164, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAH2MSAJIXWZ6SRD2CQEZZLSAJ4VHANCNFSM4LMPVS5Q.

[junaruga]

Though I am not sure someone has already reported this, I succeeded to install Docker CE binary RPMs for Fedora 31 to Fedora 32 by the following commands. It works on the basic use cases on my environment.

$ cat /etc/fedora-release 
Fedora release 32 (Thirty Two)

$ curl -fsSL https://get.docker.com -o get-docker.sh

$ sudo sh get-docker.sh
...
Errors during downloading metadata for repository 'docker-ce-stable':
  - Status code: 404 for https://download.docker.com/linux/fedora/32/x86_64/stable/repodata/repomd.xml (IP: 99.86.243.99)

$ sudo sed -i.bak 's/$releasever/31/g' /etc/yum.repos.d/docker-ce.repo

$ sudo dnf install docker-ce docker-ce-cli containerd.io

[junaruga]

Why not just make new docker release and close this discussion? As I understand, docker already can work under FC32 without problems.

I think that is because the docker-ce's official RPM repository is not provided from Docker. And Fedora 32 is not mentioned in the official document. After those are fixed, I think we can close this ticket.

https://docs.docker.com/engine/install/fedora/

OS requirements To install Docker Engine, you need the 64-bit version of one of these Fedora versions: Fedora 30 Fedora 31

Following the Fedora Magazine's document, we can install moby-engine RPM from Fedora official repository. And it seems it works. But it's not about docker-ce from the docker's repository.

[christian-korneck]

in case this helps anyone, I've made a quick fork of the Docker install script (the one from https://get.docker.com) with some of the workarounds for Fedora 32 mentioned in this thread. [link]

[zdm]

seems, that fedora 32 is completely new os, so docker is unable to support it officially yet.

[infraengineer-sre]

There is NO [32](https://download.docker.com/linux/fedora/32/) folder at download.docker.com/linux/fedora/ so you will get 404 HTTP Code Error with download.docker.com/linux/fedora/32/x86_64/stable/repodata/repomd.xml

You can ither

download and install

fc31 versions

https://download.docker.com/linux/fedora/31/x86_64/stable/Packages/docker-ce-cli-19.03.12-3.fc31.x86_64.rpm https://download.docker.com/linux/fedora/31/x86_64/stable/Packages/docker-ce-19.03.12-3.fc31.x86_64.rpm https://download.docker.com/linux/fedora/31/x86_64/stable/Packages/containerd.io-1.2.13-3.2.fc31.x86_64.rpm

Delete moby if you alredy have https://linuxconfig.org/how-to-install-and-configure-docker-ce-moby-engine-on-fedora-32 to avoid

Error: 
 Problem: problem with installed package moby-engine-19.03.11-1.ce.git42e35e6.fc32.x86_64
  - package moby-engine-19.03.11-1.ce.git42e35e6.fc32.x86_64 conflicts with docker-ce-cli provided by docker-ce-cli-1:19.03.12-3.fc31.x86_64
  - package docker-ce-cli-1:19.03.12-3.fc31.x86_64 conflicts with docker provided by moby-engine-19.03.11-1.ce.git42e35e6.fc32.x86_64
  - package moby-engine-19.03.8-1.ce.gitafacb8b.fc32.x86_64 conflicts with docker-ce-cli provided by docker-ce-cli-1:19.03.12-3.fc31.x86_64
  - package docker-ce-cli-1:19.03.12-3.fc31.x86_64 conflicts with docker provided by moby-engine-19.03.8-1.ce.gitafacb8b.fc32.x86_64
  - conflicting requests

or

install from official Fedora 32 Fedora Updates x86_64 repo

download-ib01.fedoraproject.org/pub/fedora/linux/updates/32/Everything/x86_64/Packages/m/moby-engine-19.03.11-1.ce.git42e35e6.fc32.x86_64.rpm

if you have not

[junaruga]

seems, that fedora 32 is completely new os, so docker is unable to support it officially yet.

Yes, I think so. Fedora 32 has a new version of firewalld where the background is not iptables but nftables. But firewalld upstream project is already changing the default setting to nftables. So, this situation will happen on other Linux distributions in the future too.

[infraengineer-sre]

use mobi: https://fedoramagazine.org/docker-and-fedora-32/

moby

[gunnarvelle]

Finally!!

https://download.docker.com/linux/fedora/32/

[zdm]

docker: Error response from daemon: cgroups: cgroup mountpoint does not exist: unknown.

I still need to exec this commands manually after each reboot:

sudo mkdir /sys/fs/cgroup/systemd
sudo mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd 

[thaJeztah]

Sorry for the long delay; our initial plan was to include Fedora 32 for our upcoming 20.x release, which will include preliminary support for both cgroupsv2 and has changes to automatically reconfigure firewalld for container networking to work.

Work on cgroupsv2 in containerd and runc was still ongoing, and we wanted to wait for those changes to arrive before we started building beta releases of Docker 20.xx.

Given the delay, we decided to start shipping containerd 1.3 as an intermediate step with docker 19.03.13 and up, and to build packages for Fedora 32 with the 19.03.13 patch release.

Due to the changes in Fedora 32, the install experience is slightly more involved than usual, and currently requires some extra manual steps to be performed, depending on your machine's configuration.

We will update our documentation to outline those steps (and possibly add some information to the convenience install script at https://get.docker.com).

Here's an example of the installation procedure on a Fedora 32 machine on DigitalOcean:

Configure your machine to disable cgroups v2

First, make sure that cgroups v2 are disabled (cgroups v2 are not yet supported on containerd 1.3 and lower). This requires a restart of your machine:

sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
reboot

On the DigitalOcean machines, firewalld is not installed by default:

firewall-cmd --help
-bash: firewall-cmd: command not found

systemctl start firewalld
Failed to start firewalld.service: Unit firewalld.service not found.

(Interestingly /etc/firewalld/firewalld.conf exists, but is a broken symlink to firewalld-standard.conf (which doesn't exist)):

ls -la /etc/firewalld/firewalld.conf
lrwxrwxrwx. 1 root root 23 Apr 22 22:31 /etc/firewalld/firewalld.conf -> firewalld-standard.conf

Install docker

This uses the convenience installation script, but you can also follow the manual install in https://docs.docker.com/engine/install/fedora/#install-using-the-repository

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

Docker is not automatically started on RPM-based distros, so start docker, and enable it to start automatically on restart:

sudo systemctl start docker
sudo systemctl enable docker
# Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.

Check that docker is running (docker version, docker info);

sudo docker version

Client: Docker Engine - Community
 Version:           19.03.13
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        4484c46d9d
 Built:             Wed Sep 16 17:03:54 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.13
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       4484c46d9d
  Built:            Wed Sep 16 17:01:49 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.3.7
  GitCommit:        8fba4e9a7d01810a393d5d25a3621dc101981175
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

sudo docker info

Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 19.03.13
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.6.6-300.fc32.x86_64
 Operating System: Fedora 32 (Cloud Edition)
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 1.933GiB
 Name: fedora-s-1vcpu-2gb-ams3-01
 ID: 4XCZ:2SPK:VLLW:HXXC:RZ22:4YQH:EVE6:NQGU:IFBN:625J:OFBV:YLWJ
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Run a container and make an internet connection to verify the installation works:

sudo docker run --rm alpine sh -c 'wget -q -O- http://docs.docker.com | grep "<title"'
#  <title>Docker Documentation | Docker Documentation</title>

If your machine has firewalld installed

sudo dnf install -y firewalld

sudo systemctl start firewalld
sudo systemctl enable firewalld

After installing, firewalld blocks networking for containers:

sudo docker run --rm alpine sh -c 'wget -q -O- http://docs.docker.com | grep "<title"'
# wget: bad address 'docs.docker.com'

Configure firewalld to add docker0 to the trusted zone

This currently needs to be done manually. The upcoming Docker 20.x release will perform this automatically if firewalld is detected (see https://github.com/moby/libnetwork/pull/2548). There's also a backport open, but needs to be discussed if we want to include the patch in a patch-release for 19.03 (https://github.com/moby/libnetwork/pull/2575).

Adding docker0 to the trusted zone and reload firewalld configuration (steps taken from https://github.com/moby/libnetwork/pull/2548):

sudo firewall-cmd --permanent --zone=trusted --add-interface=docker0; firewall-cmd --reload
# success
# success

Docker needs to be restarted after this, otherwise containers won't be able to make internet connections:

sudo docker run --rm alpine sh -c 'wget -q -O- http://docs.docker.com | grep "<title"'
# wget: bad address 'docs.docker.com'

Restart the docker daemon:

sudo systemctl restart docker

(note: I did systemctl stop docker and systemctl start docker, butrestart should work)

After this networking works:

sudo docker run --rm alpine sh -c 'wget -q -O- http://docs.docker.com | grep "<title"'
  <title>Docker Documentation | Docker Documentation</title>

[AkihiroSuda]

This issue can be closed?

[thaJeztah]

Yes, I think we can close; feel free to continue the conversation

[BBQigniter]

thanks @thaJeztah worked like a charm on Fedora Server 32

still had to execute firewall-cmd --permanent --zone=FedoraServer --add-masquerade so that containers in their assigned network really can talk to each other. Adding docker0 only to the trusted zone seems not to be enough

[thaJeztah]

@BBQigniter ah, interesting. Could you perhaps open a ticket in https://github.com/moby/moby/issues for that? Wondering if that can/should also be set automatically. Better to have a new ticket for it to track 👍

[junaruga]

According to this comment: https://github.com/moby/moby/issues/40360#issuecomment-699867043 , the coming Docker version 20 will support cgroups v2.